How Online Payments Really Work

Insights for Businesses How Online Payments Really Work

If you’re thinking about setting up an online store, you’re in good company.

Shoppers are increasingly turning to online options, as their access to technology and their comfort with current technology grows. Businesses that want to compete effectively need to set up their online shops to allow their customers to check out quickly and securely.

The success of your online business starts with making smart choices about payment processing. So, we’ve put this document together to help walk you through the process of setting up online payments and finding the best-possible pricing and partners for your business. If you’re unfamiliar with some of the payment terms we’re using, just check the Quick Reference Guide at the end for full definitions and additional tips.

How Online Payments Really Work | 1 The Players 1 Who and what enables payments and delivery

Meet the partners that help you get paid. When you’re ready to start accepting credit and debit cards, you’re bound to encounter many of these characters in the payments landscape—from the technology pieces at work to help you take payments to the institutions that process and protect them.

The Merchant (That’s You) The Technology Your Customers When you get started, you may work A payment gateway connects your The beauty of electronic payment with a merchant bank (aka merchant website to the payment processor processing is that it’s all behind the acquirer) that will set you up with a (effectively connecting you to your scenes from your customers’ point of merchant account—which links to customer)—moving money from a view—they just check out and it’s fast your payment processor, enabling consumer’s account via an issuer into and secure. When customers choose you to collect funds. Or, you’ll choose your merchant account. In addition to to shop with credit or debit cards, to work with a company like PayPal authorizing transactions, it also pro- their transactions are governed by that acts as your merchant account, tects electronic payments that come several players: the issuer, the Card gateway, and processor (more about through your website. If you want to Associations (Visa®, MasterCard®, this to follow). Once you’re up and accept in-person online payments, etc.), and the Payment Card selling, other players get involved. you can also manually enter card Industry (PCI). Together, these After a payment has processed, the information on a virtual terminal. But companies have created a set of funds are debited from your custom- if you’re looking to take payments on rules and regulations about encrypting er’s account by the issuer—the bank the go or have a brick-and-mortar and protecting data. If you want to that gave them the actual card. shop, a card reader (aka dongle) is a accept credit cards, you’re Then the acquirer is responsible for good idea. Many payment providers required to follow them. depositing them into your account. offer them for free, and you’ll simply pay a per-swipe fee whenever you process a card payment.

A Helpful Tip

What’s the difference between using a merchant acquirer or a payment provider? They both provide a lot of the same financial business products, but payment providers like PayPal can set you up with additional built-in ecommerce options, like templates for your online store, integrated checkout, shipping, and even a payment gateway. With a merchant bank, you’d need to shop around for those services separately.

How Online Payments Really Work | 2 The Payments 2 The flow of money from your customer to you

Most of a payment’s journey is completely invisible to consumers and businesses. Whether you’re keying-in your customer’s card or your customer is hitting a “Buy Now” button, payments go through a series of stages before they reach your account. By understanding the different stages, you’ll have a better sense of what the players are doing (and charging you for), and how to negotiate the best payment processing for your business. The following is a typical flow of a traditional transaction process.

Step 1 Step 2 Step 3 Your Customer Pays Encryption Authentication Your customer has just made a purchase on When your customer’s personal information The payment processor validates (aka “authen- your site using credit or debit. The transac- and payment transaction data goes through ticates”) that the payment data is being sent by tion begins its journey through your payment the payment gateway, it’s encoded to ensure its claimed source, as a way to curb fraud. gateway. secure transmission across the Internet.

Step 4 Step 5 Step 6 Authorization Settlement You’re Paid The payment processor requests the issuing Settlement occurs when the card issuer sends The funds are accessible in your merchant bank to authorize a specific amount of funds the appropriate funds to your acquiring bank, account. Yay! But you may notice that some of from your customer’s credit or debit card. which then deposits them into your merchant the funds are not available, as most payment The issuer checks to make sure the customer account. It can take a few days to complete. processors hold back a reserve temporarily to has enough credit to make the purchase and make sure you can take care of any liabilities sends back an approval or decline. This entire like chargebacks or reversals. process takes only a few seconds.

Some Helpful Tips

1. Talk to your payment processor and ask them to review the reserve limit on your business. They may be able to lower it or remove it altogether.

2. Different providers offer different levels of customization. For example, when you choose PayPal as your provider, you can set up a Buy Now button in about 15 minutes, or set up a fully customized checkout with easy cart integration and a built-in payment gateway. Either way, you can start accepting online payments quickly and securely—and the checkout is optimized to make it easy for your customers, too.

How Online Payments Really Work | 3 The Pricing 3 How rates and fees really work

You’ve learned about how you get your money, and now you want to know: what does it cost? It’s no surprise that everyone who touches the transaction wants to get paid, including the issuing bank, the credit card associations (Visa, MasterCard, etc.), the merchant bank and the payment processor.

Breaking down the fees At its most basic, every time you process a transaction, you pay several fees:

Interchange fee: Markup fee: The issuer gets paid by taking a percentage of each This is a set of fees charged by everyone else who moves sale, called the interchange. This fee varies depending the transaction through the network, including your on a bunch of things, such as industry, sale amount, merchant bank, the gateway, and the payments processor and type of card used. At last check, there were almost (who might all be the same company). The amount of the 300 different interchange fees!* The fee could look like markup fee varies by industry, amount of sale, monthly this: 2.0% of the volume + $0.10 per transaction. processing volume, etc. This is really the ONLY fee where you have the ability to negotiate. Again, it is usually Assessment fee: structured as a percent of the sale amount and a The credit card association (Visa®, MasterCard®, etc.) per-transaction fee (for example, 0.25% + $0.10). also charges a fee, called an assessment. For example, 0.10% + $0.02. This rate is usually bundled with (and Other fees: called the same thing as) the interchange fee. There can also be fees charged for setup, monthly usage, hardware, and even account cancellation.

How Online Payments Really Work | 4 How processors package the fees When researching what type of credit card processor is best for your needs, you’ll likely run into a variety of pricing models for processing transactions. Understanding how these rate structures work can help you choose what’s best for your business – without unnecessary costs weighing you down. See below for an outline of three main structures that are common in credit card processing.

Flat-rate pricing Flat-rate pricing is the easiest pricing model to understand. It involves paying the processor a flat fee for all credit and debit card transactions, which covers all the fees mentioned above. At PayPal, our flat-rate pricing structure for businesses that have under $3,000 monthly in sales volume is 2.9 percent plus $0.30 per transaction. See the chart below for an illustration of how this flat-rate pricing might play out. (Note that fees for cards that are swiped through a terminal, instead of entered online, could be higher.)

Your monthly sales volume Flat fee per transaction Fee examples

$0 to $3,000 2.9% + $0.30/transaction1 $3.20 fee on a $100 sale

$3,000 to $10,000 2.5% + $0.30/transaction1 $2.80 fee on a $100 sale

$10,000+ 2.2% + $0.30/transaction1 $2.50 fee on a $100 sale

Visit our fees page to get the full details on our flat-rate pricing.

Interchange plus pricing As we mentioned above, every time your customers pay with a credit or debit card, their card issuer charges you a percentage, called an interchange. In addition, the association (Visa, etc.) adds on a fee, called an assessment. (People usually lump the two together as the “interchange fee.”)In an interchange plus pricing model, your payment processor adds a fixed markup on top of the interchange fee, instead of bundling a fee directly into the interchange.

For instance:1.8% for interchange fees + a markup of 2% + $0.102 = $3.90 fee on a $100 sale While this pricing model gives you a bit more visibility into the breakdown of your rates, the tradeoff is that your statements are more complicated to figure out and reconcile.

How Online Payments Really Work | 5 Tiered Pricing In a tiered pricing model, the processor takes the 300 or so different interchange rates and lumps them into three buckets (or pricing tiers): qualified, mid-qualified, and non-qualified, usually based on the amount of risk associated with the transaction.

This makes it simpler for you (and them) to understand. However, since the processor defines the tiers however it wants, it can be expensive and lead to a lot of frustration when you get your monthly statement. Here’s an example. In general, there are three tiers:

Qualified Rate Mid-Qualified Rate Non-Qualified Rate Transactions swiped into a physical Transactions that don’t qualify for Transactions that don’t qualify for terminal with a standard (non-reward) the lowest rate fall into a mid-quali- the above buckets fall into a non-qual- consumer credit card are usually fied rate. For example, if key-enter a ified tier, the highest rates you can considered qualified. Since these customer’s credit card number, such pay. Many rewards, corporate, and carry the lowest risk, they are pro- as for phone and direct mail orders, signature card transactions might be cessed at the lowest rates. If a you’ll pay this higher rate. (Since considered non-qualified (depend- customer uses a reward card at a there’s no physical card present, ing on the processor). Additionally, terminal, however, that bumps it up this process brings more risk of ecommerce transactions are typically to the non-qualified rate. fraud, hence the higher rate.) Some considered non-qualified. That means processors place rewards and that even if someone is using a plain Note: This is usually the first rate a business card transactions in the old consumer credit card, a payment processor will quote to you—make mid-qualified bucket. made online will generate the highest sure to dig deeper, since it’s likely fees for you. your transactions will not fall into this bucket very often.

For reference, a qualified card might have a 2.25 percent transaction rate, while a non-qualified card could have a 3.25 percent rate, depending on the credit card processor.3 Here’s how that might look:

Qualified Mid-qualified Non-qualified

2.25% + $0.253 = $2.50 fee on a $100 sale 3.00% + $0.253 = $3.25 fee on a $100 sale 3.25% + $0.253 = $3.50 fee on a $100 sale

How Online Payments Really Work | 6 A note on fees When comparing different types of pricing structures, be sure to keep in mind that some processors charge additional fees, and these can be buried in the fine print. For example, a processor may charge a cancellation fee if you decide to terminate a contract, even if you’ve been unhappy with their services.

You may also get charged a withdrawal fee for moving funds from your payment processing account to your business bank account, even though that’s a standard activity for sellers. Before signing any contract, look for hidden fees, because they could significantly affect your profits.

In general, understanding pricing models and fees can help take the mystery out of choosing a credit card processor and help you find a service that’s right for your business.

1This is an example for illustrative purposes only and is subject to change without notice. These fees apply to domestic payments in US dollars. There is typically an additional charge for any currency conversion and a charge to receive payments from another country. Rates and fees may vary based on the company, card type, and pricing structure. Be sure to ask your provider for details.

2This is an example for illustrative purposes only, and is subject to change, using an average interchange rate of 1.8% for MasterCard or Visa transactions in the United States, though it varies widely across card types. This often also includes a fixed fee on top of the 1.8%, but it depends on the type of card and transaction. On average the interchange rates in the US are 179 basis points (1.79%, 1 basis point is 1/100th of a percentage) and vary widely across countries. There is typically an additional charge for any currency conversion and a charge to receive payments from another country. Rates and fees may vary based on the provider, card type, and pricing structure. Be sure to ask your provider for details.

3This is an example for illustrative purposes only and is subject to change. The qualified example above is based on a non-rewards card swiped transaction, and the non-qualified example above is based on a rewards card swiped transaction. There is typically an additional charge for any currency conversion and a charge to receive payments from another country. Be sure to read the provider’s Merchant Processing Agreement for the exact criteria used to classify each transaction.

How Online Payments Really Work | 7 Quick Reference Guide Payment processing terms

Once you’ve got the language down, you’ll gain a better understanding of the flow of payments—how the funds go from your customer’s account to yours—and tips you can use to get the right payment processing for your business’ needs.

Acquirer or Merchant Acquirer Discount Rate In this sense, to “acquire” means to “accept” payments. This is a percentage of every sale that you pay to your So, an Acquirer is a banking partner for businesses. acquiring bank for accepting consumer credit cards (like They take the risk that you’re going to be a trustworthy Visa, MasterCard, etc.). All applicable fees are bundled business (aka underwriting). into a single percentage rate (aka “the discount rate”), which typically includes interchange, assessments, and Authentication processor fees. For example, if the discount rate is 2.5% When a customer submits a payment, the payment on a sale of $100, the cost will be $2.50. processor needs to validate (aka “authenticate”) that the payment data is being sent by its claimed source. Tip: Only work with payment service providers that are transparent about their fees. Types of payment structures that Payment processor companies use this process as a commonly exist include flat-fee/flat-rate pricing, percentage best practice to curb fraud. rates, and tiered-pricing.

Authorization Dongle (aka Card Reader) The first half of transaction processing, authorization is a A small accessory that you plug in to your mobile device request from the payment processor to the issuing bank to to securely process in-person payments—either with a authorize a specific amount of funds from your customer’s physical card or electronically. Once you’ve got your sys- credit or debit card. tem all set up, it comes with other perks for your business, such as enabling your shoppers to find and check in with Batch Processing you on their phones and receive personalized offers. A method used by the payment processor to process all the day’s transactions at once. The acquiring bank uses Encryption this to help drive operational efficiency for your business. The process where your customer’s personal information In the online world, transactions are usually processed at and payment processing transactional data is encoded to the same time they’re authorized. ensure secure transmission across the Internet.

Tip: Make sure you check with your processor regarding Tip: Encryption is an important part of what’s known as PCI settlement—failure to settle transactions on a daily basis compliance. And keep in mind that not all payment proces- could result in higher fees. sors are PCI compliant. This can lead to unexpected fees (and complications) for you, so it’s a good idea to choose one that can help with your PCI compliance needs. Card Association or Credit Card Network Companies, such as MasterCard and Visa, that set Flat-Rate Pricing the rules and standards for processing transactions. A highly transparent pricing model where you pay the See PCI Compliance. payment service provider a flat percentage on the transaction volume for all credit and debit cards. (This is generally preferred by businesses over other more complicated ways to pay for credit processing.)

How Online Payments Really Work | 8 Interchange Plus Pricing Payment Processor When your customers make a credit or debit card A Payment Processor is the company that actually gets purchase, their bankcard association charges a percentage the work done. It is responsible for moving the transac- of the transaction—this is called an interchange rate, and tion from point A to point B and back again. They handle it varies based on the card category. With the Interchange the authorization and settlement, figure out how much to Plus Pricing, a fixed markup is added by your payment charge you for each transaction, and transfer the money processor on top of that interchange fee. (This is also from your customer’s bank to your merchant bank. You sometimes called “cost plus pricing.”) may not know who your payment processor is, unless you work with a provider like PayPal, as the processor’s rela- Issuer or Issuing Bank tionship is often with your acquiring bank, not you directly. This is where credit and debit cards come from. An Issuer is any financial institution or company that issues physical Payment Card Industry (PCI) compliance cards to cardholders. If you want to take credit or any other electronic payment, you’ll need to follow the rules set by the Payment Card Merchant Account Industry (PCI). PCI compliance is mandated by all card If you want to accept credit and debit cards, you need a brands to protect and encrypt card information during and Merchant Account, a special bank account set up between after a financial transaction. All organizations or busi- you and your acquiring (or merchant) bank. The bank is nesses, regardless of size or number of transactions, are responsible for debiting the funds from your customer and required to follow the rules to be PCI compliant if they depositing them into your account. accept, transmit, or store any cardholder data.

Tip: If you’re seeking a new merchant account, look Tip: Some payment providers offer built-in features within for accounts with simple, straightforward fee structures their payment solutions that can help you reduce your PCI (see “Flat-rate pricing”). That way, you can eliminate the compliance workload—and make your life a lot easier. guesswork in how much it will cost. Be sure to ask your provider for details.

Payment Gateway Reserve A Payment Gateway is the software that connects your Most payment processors hold back a percentage of the website (or cash register) to the processing networks. transaction or a flat amount—and this amount is called When you process a credit card (or other form of elec- a Reserve. It’s important to note that this is NOT a fee— tronic payment) the Payment Gateway securely authorizes it’s still your money. However, you cannot access it for a cards and electronic payments by encrypting and protect- certain amount of time. Why do they do this? They need ing the customer’s sensitive information—like credit card to ensure that you can meet liabilities that may incur from numbers and other account information. a chargeback, claim, or bank reversal. Reserves are a common industry practice and are used to create a safer shopping experience.

Tip: The reserve limit is often set based on processing history or if the business/industry is deemed higher risk. So, it’s a good idea to talk with your payment processor and ask them to review the reserve limit on your business—in some cases they can lower or eliminate it.

How Online Payments Really Work | 9 Settlement Transaction Fee or Authorization Fee The last step in card processing, settlement occurs This is a flat service fee (e.g., $0.30 per transaction), you when the card issuer sends the appropriate funds to pay the payment processor every time you send a cus- your acquiring bank, which then deposits them into your tomer’s card details to your payment gateway, regardless merchant account. of the outcome. For example, customer tries to buy some- thing from you, but their card is declined. You, the busi- Tiered Pricing ness owner, still pay a transaction fee to cover the cost of This is a rate structure for fees you pay the payment pro- the processor handing that transaction. cessor for every card or electronic payment transaction. Tip: There are almost as many transaction fees out there as Rate structure criteria are based on a system of qualifica- there are transactions. When shopping around, be sure to look tion. While it’s complicated than this, there are generally for payment providers that offer completely transparent fees three tiers (also called buckets): and no hidden charges.

1. Qualified rate: This is sometimes called a card- Virtual Terminal swiped rate, since it is (usually) applied to a transac- An online way to accept in-person payments. It’s the tion where businesses swipe the credit card through electronic equivalent of a physical point-of-sale terminal a terminal. Since businesses can easily verify that the that retailers use to swipe cards. Instead, you manually shopper is the owner of the credit card, the incidence enter the card information. Virtual terminals let you take of fraud is quite low—so, the rate is the lowest. your business on the road—all you need is an Internet connection.

2. Mid-qualified rate: This rate is usually applied when Tip: Virtual Terminal processing usually comes with its own set businesses key-enter a customer’s credit card (in of pricing. Be sure to check with your merchant service phone or mail order sales, for example). Since there is provider. Also, if you want to swipe credit cards using your mobile phone or tablet—and take advantage of lower,

no physical credit card present, the risk is higher—and card-swiped rates—you can download an app and get a so the rate is also higher. credit card reader (or dongle).

3. Non-qualified rate:Transactions that are processed without supplying the customer’s billing address are Visit www.paypal.com/business to learn more. often downgraded to the non-qualified rate, which is not surprisingly the most expensive fee. E-commerce transactions fall into this category. Rewards cards and commercial card transactions do, too. Visa is a registered trademark of Visa International Services Association. MasterCard is a registered Tip: Beware: Most payment processors with tiered pricing may trademark of MasterCard International, Inc. offer low “show rates” (aka “teaser rates”) to entice busineses. Also, since the rules for qualification vary from processor to © 2015 PayPal, 2211 N. First St., San Jose, CA 95131 processor, it’s virtually impossible to decipher which processor will give you the best overall rates. Perhaps the wisest thing you can do is to avoid a tiered-rate relationship altogether, in favor of a Fixed-Rate or Interchange Plus pricing plan.

How Online Payments Really Work | 10